Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Found: Possible Vector for Superbowl Websites Malicious JavaScript Insertion
We've received information that the likely common vector for how the web sites were compromised appears to be through the use of Dreamweaver.

There is not a flaw in Dreamweaver that was exploited.  It was a case of lazy programming on the parts of site developers who did not do a good job of "input validation" so attackers were able to do "sql injection" attacks.

78 Posts
Feb 7th 2007

Sign Up for Free or Log In to start participating in the conversation!